Cyber Security March 2018

This posting is here to collect security alert news in March 2018.

I post links to security vulnerability news to comments of this article.

 

227 Comments

  1. Tomi Engdahl says:

    RDP Flaw: Every Windows Version Affected
    https://www.cloudmanagementsuite.com/major-rdp-flaw

    CredSSP Flaw in RDP
    Credential Security Support Provider protocol (CredSSP), a Windows protocol that interacts with features like RDP, has a critical vulnerability. The danger here is that malicious entities could manipulate RDP to gain access to users’ devices and environments, stealing sensitive and valuable data.

    This previously unknown remote code execution vulnerability was reported to Microsoft in August last year, but the tech giant issued a fix for the protocol just now as part of its Patch Tuesday release—that’s almost 7 months after it was reported.

    Since RDP is a feature within Windows, and one of the most popular applications for remote access, everyone is exposed to this security threat. Literally every version of Windows, at the time of this article, contains this flaw.

    Reply
  2. Tomi Engdahl says:

    Whois? More like WHOWAS: Domain database on verge of collapse over EU privacy
    https://www.theregister.co.uk/2018/03/16/whois_gdpr_icann/

    Governments refuse to get sucked into policy shambles, kibosh DNS GDPR plans

    An effort to resolve conflicts between upcoming European privacy legislation and the global Whois service for domain names has, predictably, failed, raising fears that cybercriminals will take advantage of the impasse.

    At the end of a week of meetings hosted by domain-name overseer ICANN, the US-based organization’s proposed interim model lies in tatters, and there is no sign of a forthcoming solution before the May 25 deadline, when the General Data Protection Regulation (GDPR) comes into effect.

    Industry insiders fear that, without agreement, the Whois service, which publicly lists full contact details of domain-name registrants, will effectively shut down in order to avoid fines and possible lawsuits under the Euro rules.

    Reply
  3. Tomi Engdahl says:

    How Trump Consultants Exploited the Facebook Data of Millions
    https://mobile.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html?referer=http://m.facebook.com/

    The firm had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work.

    So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network’s history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.

    Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
    https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election

    Whistleblower describes how firm linked to former Trump adviser Steve Bannon compiled user data to target American voters

    • How Cambridge Analytica’s algorithms turned ‘likes’ into a political tool

    The data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested millions of Facebook profiles of US voters, in the tech giant’s biggest ever data breach, and used them to build a powerful software program to predict and influence choices at the ballot box.

    A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser Steve Bannon – used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.

    Reply
  4. Tomi Engdahl says:

    Netsparker raises $40M to grow its web application security scanning product
    https://siliconangle.com/blog/2018/03/08/netsparker-raises-40m-grow-web-application-security-scanning-product/

    Founded in 2009, Netsparker offers web application security scanning software that allows users to identify security flaws in any type of website, web application and web service. The software employs what it calls “proof-based scanning technology” that can automatically verify security flaws without reporting any false positives, a claim the company said has been confirmed by independent third-party testing.

    Reply
  5. Tomi Engdahl says:

    IPv6 and 5G will make life hell for spooks and cops say Australia’s spooks and cops
    Both make it harder to connect you to your connections
    https://www.theregister.co.uk/2018/02/27/ipv6_5g_complicate_gathering_evidence_and_surveillance/

    Reply
  6. Tomi Engdahl says:

    Regulators in the UK are also calling for more hearings into Facebook and Cambridge Analytica
    https://techcrunch.com/2018/03/18/regulators-in-the-uk-are-also-calling-for-more-hearings-into-facebook-and-cambridge-analytica/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    As more details emerge about Cambridge Analytica’s use of Facebook data in the U.S. presidential election, members of Parliament in the UK are joining congressional leadership in the U.S. to call for a deeper investigation and potential regulatory action.

    The Chair of parliamentary committee investigating “fake news”, the conservative MP Damian Collins, accused both Cambridge Analytica and Facebook of misleading his committee’s investigation in a statement early Sunday morning indicating that both companies would be called in for more questioning.

    Reply
  7. Tomi Engdahl says:

    Facebook has suspended the account of the whistleblower who exposed Cambridge Analytica
    https://techcrunch.com/2018/03/18/facebook-has-suspended-the-account-of-the-whistleblower-who-exposed-cambridge-analytica/

    Tech hath no fury like a multi-billion dollar social media giant scorned.

    In the latest turn of the developing scandal around how Facebook’s user data wound up in the hands of Cambridge Analytica — for use in the development of psychographic profiles that may or may not have played a part in the election victory of Donald Trump — the company has taken the unusual step of suspending the account of the whistleblower who helped expose the issues.

    Josh Constine / TechCrunch:
    Facebook and the endless string of worst-case scenarios
    https://techcrunch.com/2018/03/18/move-fast-and-fake-things/

    Facebook has naively put its faith in humanity and repeatedly been abused, exploited, and proven either negligent or complicit. The company routinely ignores or downplays the worst-case scenarios, idealistically building products without the necessary safeguards, and then drags its feet to admit the extent of the problems.

    This approach, willful or not, has led to its latest scandal, where a previously available API for app developers was harnessed by Trump and Brexit Leave campaign technology provider Cambridge Analytica to pull not just the profile data of 270,000 app users who gave express permission, but of 50 million of those people’s unwitting friends.

    Reply
  8. Tomi Engdahl says:

    Taylor Hatmaker / TechCrunch:
    Facebook’s latest privacy debacle stirs up more regulatory interest from lawmakers
    https://techcrunch.com/2018/03/17/facebook-cambridge-analytica-regulation-klobuchar-warner/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Facebook’s late Friday disclosure that a data analytics company with ties to the Trump campaign improperly obtained — and then failed to destroy — the private data of 50 million users is generating more unwanted attention from politicians, some of whom were already beating the drums of regulation in the company’s direction.

    On Saturday morning, Facebook dove into the semantics of its disclosure, arguing against wording in the New York Times story the company was attempting to get out in front of that referred to the incident as a breach.

    Reply
  9. Tomi Engdahl says:

    Hackers Awarded $267,000 at Pwn2Own 2018
    https://www.securityweek.com/hackers-awarded-267000-pwn2own-2018

    White hat hackers have earned a total of $267,000 at this year’s Pwn2Own competition for exploits targeting Microsoft Edge, Apple Safari, Oracle VirtualBox and Mozilla Firefox.

    On the first day, Richard Zhu (aka fluorescence) failed to hack Safari, but he did demonstrate an exploit chain against Edge, which earned him $70,000. Niklas Baumstark from the Phoenhex team received $27,000 for hacking VirtualBox, while Samuel Groß (aka saelo) of Phoenhex earned $65,000 for hacking Safari.

    Reply
  10. Tomi Engdahl says:

    Remotely Exploitable Vulnerability Discovered in MikroTik’s RouterOS
    https://www.securityweek.com/remotely-exploitable-vulnerability-discovered-mikrotiks-routeros

    A vulnerability exists in MikroTik’s RouterOS in versions prior to the latest 6.41.3, released Monday, March 12, 2018. Details were discovered in February and disclosed by Core Security on Thursday.

    MikroTik is a Latvian manufacturer that develops routers and software used throughout the world. RouterOS is its Linux-based operating system.

    The vulnerability, a MikroTik RouterOS SMB buffer overflow flaw, allows a remote attacker with access to the service to gain code execution on the system. Since the overflow occurs before authentication, an unauthenticated remote attacker can exploit it.

    Reply
  11. Tomi Engdahl says:

    Sofacy Targets European Govt as U.S. Accuses Russia of Hacking
    https://www.securityweek.com/sofacy-targets-european-govt-us-accuses-russia-hacking

    Just as the U.S. had been preparing to accuse Russia of launching cyberattacks against its energy and other critical infrastructure sectors, the notorious Russia-linked threat group known as Sofacy was spotted targeting a government agency in Europe.

    The United States on Thursday announced sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms.

    Reply
  12. Tomi Engdahl says:

    Hackers Tried to Cause Saudi Petrochemical Plant Blast: NYT
    https://www.securityweek.com/hackers-tried-cause-saudi-petrochemical-plant-blast-nyt

    Cyber-attackers tried to trigger a deadly explosion at a petrochemical plant in Saudi Arabia in August and failed only because of a code glitch, The New York Times reported.

    Investigators declined to identify the suspected attackers, but people interviewed by the newspaper unanimously said that it most likely aimed to cause a blast that would have guaranteed casualties. A bug in the attackers’ code accidentally shut down the system instead, according to the report.

    The cyber-attack — which could signal plans for other attacks around the world — was likely the work of hackers supported by a government, according to multiple insiders interviewed by the newspaper.

    All sources declined to name the company operating the plant as well as the countries suspected to have backed the hackers, The New York Times said.

    Security experts however told the newspaper that Iran, China, Russia, Israel and the United States had the technical capacity to launch an attack of that magnitude.

    A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.
    https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html?rref=SecurityWeek

    In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.

    Reply
  13. Tomi Engdahl says:

    China-linked Hackers Target Engineering and Maritime Industries
    https://www.securityweek.com/china-linked-hackers-target-engineering-and-maritime-industries

    A China-related cyberespionage group that has been active for half a decade has increased its attacks on engineering and maritime entities over the past months, FireEye reports.

    Referred to as Leviathan or TEMP.Periscope, the group has been historically interested in targets connected to South China Sea issues, which hasn’t changed in the recently observed attacks. Targets include research institutes, academic organizations, and private firms in the United States.

    Reply
  14. Tomi Engdahl says:

    Hacker Adrian Lamo Dies at Age 37
    https://www.securityweek.com/hacker-adrian-lamo-dies-age-37

    Adrian Lamo, the former hacker best known for breaching the systems of The New York Times and turning in Chelsea Manning to authorities, has died at age 37.

    Lamo had been living in Wichita, Kansas, and he was found dead in an apartment on Wednesday.

    Lamo broke into the systems of companies such as Yahoo, AOL, Comcast, Microsoft and The New York Times in an effort to demonstrate that they had been vulnerable to hacker attacks.

    He was arrested in 2003 and in early 2004 he pleaded guilty to computer crimes against Microsoft, The New York Times, and data analytics provider LexisNexis.

    Lamo drew criticism in 2010 after he reported Chelsea Manning (at the time U.S. Army intelligence analyst Bradley Manning) to the Army for leaking a massive amount of classified documents to WikiLeaks.

    Reply
  15. Tomi Engdahl says:

    RDP Flaw: Every Windows Version Affected
    https://www.cloudmanagementsuite.com/major-rdp-flaw

    CredSSP Flaw in RDP

    Credential Security Support Provider protocol (CredSSP), a Windows protocol that interacts with features like RDP, has a critical vulnerability. The danger here is that malicious entities could manipulate RDP to gain access to users’ devices and environments, stealing sensitive and valuable data.

    Since RDP is a feature within Windows, and one of the most popular applications for remote access, everyone is exposed to this security threat. Literally every version of Windows, at the time of this article, contains this flaw.

    Microsoft has released updates that target this issue. Even if you aren’t using RDP regularly, deploying this patch to your windows devices is critical.

    Reply
  16. Tomi Engdahl says:

    US Accuses Russian Government of Hacking Infrastructure
    https://www.securityweek.com/us-accuses-russian-government-hacking-infrastructure

    The Russian government is behind a sustained hacking effort to take over the control systems of critical US infrastructure like nuclear power plants and water distribution, according to US cyber security investigators.

    A technical report released by the Department of Homeland Security on Thursday singled out Moscow as directing the ongoing effort that could give the hackers the ability to sabotage or shut down energy and other utility plants around the country.

    It was the first time Washington named the Russian government as behind the attacks which have been taking place for nearly three years.

    The allegation added to a series of accusations of political meddling and hacking against Russia that led to Washington announcing fresh sanctions against the country this week.

    “Since at least March 2016, Russian government cyber actors … targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” the report from the DHS Computer Emergency Readiness Team said.

    Reply
  17. Tomi Engdahl says:

    Munsif Vengattil / Reuters:
    Facebook shares slide 4% in premarket trading amid calls for investigation from lawmakers and concerns of deeper regulatory scrutiny of the platform — (Reuters) – Facebook Inc’s shares fell 4 percent in premarket on Monday after media reports that a political consultancy that worked …

    Facebook shares slide after reports of data misuse
    https://www.reuters.com/article/us-facebook-cambridge-analytica-stocks/facebook-shares-slide-after-reports-of-data-misuse-idUSKBN1GV1E8

    Facebook Inc’s shares fell more than 4 percent in premarket trading after media reports that a political consultancy that worked on President Donald Trump’s campaign gained inappropriate access to data on 50 million Facebook users.

    Reply
  18. Tomi Engdahl says:

    Washington Post:
    Two former FTC officials say Facebook may have violated 2011 privacy consent decree as US and UK politicians demand more information from Zuckerberg personally

    Facebook may have violated FTC privacy deal, say former federal officials, triggering risk of massive fines
    https://www.washingtonpost.com/news/the-switch/wp/2018/03/18/facebook-may-have-violated-ftc-privacy-deal-say-former-federal-officials-triggering-risk-of-massive-fines/

    Two former federal officials who crafted the landmark consent decree governing how Facebook handles user privacy say the company may have violated that decree when it shared information from tens of millions of users with a data analysis firm that later worked for President Trump’s 2016 campaign.

    Such a violation, if eventually confirmed by the Federal Trade Commission, could lead to many millions of dollars in fines against Facebook, said David Vladeck, who as the director of the FTC’s Bureau of Consumer Protection oversaw the investigation of alleged privacy violations by Facebook and the subsequent consent decree resolving the case in 2011. He left that position in 2012.

    Reply
  19. Tomi Engdahl says:

    Caroline Linton / CBS News:
    Facebook says it won’t lift account suspension for Cambridge Analytica whistleblower Chris Wylie because of his admitted ToS violations

    Facebook “privately welcomed” help of whistleblower, then publicly suspended account, attorney says
    https://www.cbsnews.com/news/christopher-wylie-cambridge-analytica-facebook-account-suspended/

    Facebook announced Friday it had suspended the account of Christopher Wylie, the whistleblower from data firm Cambridge Analytica, shortly before articles were published about the data firm and Facebook. His attorney, Tamsin Allen, said in a statement early Sunday that when Facebook became aware of the articles about to be published about data harvesting at the social media giant, the company “privately welcomed” his help — and then publicly suspended his account.

    Facebook announced Friday night that it had suspended Wylie along with a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan and the consulting company Strategic Communication Laboratories — the parent company of Cambridge Analytica. In the release about the suspension, Facebook said Kogan had passed along data harvested from a digital app to Cambridge Analytica and Wylie and lied to Facebook about deleting the data.

    Facebook’s release about the suspensions came just hours before exposés about the company’s practices were published in The New York Times and the Guardian. Wylie spoke to both outlets, saying he and Kogan “exploited” Facebook.

    “We exploited Facebook to harvest millions of people’s profiles,” Wylie told the Guardian. “And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

    According to the Guardian, data was harvested from 50 million profiles and Facebook failed to inform users and did little to recover the data. Although only 270,000 downloaded Kogan’s app, there was a loophole at Facebook at the time that allowed app developers to not only see the data of people who downloaded the app but also everyone in that user’s friend network, Wired senior reporter Issie Lapowsky told CBSN Saturday.

    Reply
  20. Tomi Engdahl says:

    Cyber Soldiers: White-hat hackers
    https://www.cbsnews.com/news/cyber-soldiers-cbsn-on-assignment/

    Since 2015, almost all healthcare organizations have reported at least one cyberattack. The largest U.S. hospital attacked in 2017 was Erie County Medical Center in Buffalo, New York, and they’re still feeling the effects.

    The hospital’s CEO, Thomas Quatroche, decided not to pay the ransom, but the hack will cost them a lot of money. “This is a form of terrorism… we decided not to pay that ransom but make no mistake about it this … it’s going to cost us a lot of money in the long run,” he says.

    Thousands of these attacks, of all scales, take place every day. So who can protect against these attacks? “White-hat hackers” are the good guys — paid by companies to hack their systems and find flaws before they are exploited by cyber criminals, or “black-hat hackers”.

    CBS News traveled to Mumbai, India to meet one of the world’s best white-hat hackers, Sandeep Singh, better known by his online moniker “Geekboy.”

    India has emerged as a leading nation in the cyber war. White-hat hackers report more vulnerabilities to companies from here than hackers anywhere else in the world. “Geekboy” has hacked companies like Microsoft, Facebook, Twitter, Uber and AirBnb — with good intentions. And he is paid well for it — companies offer ‘bug bounties’ to people who find vulnerabilities in their systems which they can then patch. “How much I make in one day, my friends make in one year,” Singh says.

    Despite being on the front lines of this cyber war, hackers like “Geekboy” tend to keep a low profile.

    But some people question if white-hat hackers only have good intentions. “Basically anyone can say that about any hackers… but about me – that’s not something you can say,” Geekboy says. From person to person, it can be difficult to divine their motives, and experts admit that relying on white-hat hacking is often a gamble.

    Reply
  21. Tomi Engdahl says:

    Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
    https://www.bleepingcomputer.com/news/security/firefox-master-password-system-has-been-poorly-secured-for-the-past-9-years/

    For the past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the “master password” feature.

    Both Firefox and Thunderbird allow users to set up a “master password” through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client.

    Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim’s computer.

    Master password encryption uses low SHA1 iteration count

    The flaw Palant is referring to is the fact that the SHA-1 function has an iteration count of 1, meaning it’s applied just once, whereas industry practice regards 10,000 as a solid minimum for this value and applications like LastPass use values of 100,000.

    Palant points to recent advances in GPU card technologies that now allow attackers to brute-force simplistic master passwords in under a minute.

    Reply
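The comment above turns on one number: an iteration count of 1 on the SHA-1 step that protects the master password. The Python script below is an added example, not Mozilla's code or the article's. It uses the standard library's PBKDF2-HMAC-SHA1 as a stand-in for the NSS scheme and measures how the iteration count changes the cost of every offline guess a cracker has to make; the salt and the candidate passwords are constructed for the demo.

```python
import hashlib
import hmac
import time

# Constructed salt for the demonstration; a real implementation stores a
# random per-user salt next to the ciphertext it protects.
SALT = bytes.fromhex("a3f1c2d4e5b6978877665544332211aa")


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA1 (stand-in for the NSS scheme).

    `iterations` is the work factor the article is about: Firefox used 1,
    while 10,000 or more is the accepted floor for a password-derived key.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def verify_password(candidate: str, salt: bytes, iterations: int,
                    expected_key: bytes) -> bool:
    """Re-derive the key from a candidate and compare it in constant time."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations),
                               expected_key)


def seconds_per_guess(iterations: int, samples: int = 20) -> float:
    """Average wall-clock cost of one derivation at the given iteration count."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"candidate-{i}", SALT, iterations)   # constructed guesses
    return (time.perf_counter() - start) / samples


def slowdown_factor(low: int = 1, high: int = 10_000) -> float:
    """How much slower each offline guess becomes when the count is raised."""
    return seconds_per_guess(high) / seconds_per_guess(low)


if __name__ == "__main__":
    stored = derive_key("correct horse battery", SALT, 10_000)
    print("verification:", verify_password("correct horse battery", SALT, 10_000, stored))
    for n in (1, 10_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1e6:10.1f} us per guess")
    print(f"raising 1 -> 10,000 slows each guess by about {slowdown_factor():.0f}x")
```

The legitimate user pays the higher cost once per unlock, which is why a count in the tens of thousands is invisible to them; the attacker pays it for every candidate in a wordlist, which is the whole point of the setting. Raising the count does nothing for a password that is itself guessable in a handful of tries.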
  22. Tomi Engdahl says:

    Alexis C. Madrigal / The Atlantic:
    Cambridge Analytica claims to not use Facebook data in voter profiles, perhaps because the models it built from 2014 data do not require more data from Facebook

    What Took Facebook So Long?
    https://www.theatlantic.com/technology/archive/2018/03/facebook-cambridge-analytica/555866/

    Scholars have been sounding the alarm about data-harvesting firms for nearly a decade. The latest Cambridge Analytica scandal shows it may be too late to stop them.

    Slate:
    Major tech platforms like Facebook become vulnerable to unethical practices by third parties because they do not proactively support ethical research — Give researchers more access to data, not less. — In a 2013 paper, psychologist Michal Kosinski and collaborators from University …

    One Way Facebook Can Stop the Next Cambridge Analytica
    Give researchers more access to data, not less.
    https://slate.com/technology/2018/03/cambridge-analytica-demonstrates-that-facebook-needs-to-give-researchers-more-access.html

    In a 2013 paper, psychologist Michal Kosinski and collaborators from University of Cambridge in the United Kingdom warned that “the predictability of individual attributes from digital records of behavior may have considerable negative implications,” posing a threat to “well-being, freedom, or even life.” This warning followed their striking findings about how accurately the personal attributes of a person (from political leanings to intelligence to sexual orientation) could be inferred from nothing but their Facebook likes. Kosinski and his colleagues had access to this information through the voluntary participation of the Facebook users by offering them the results of a personality quiz, a method that can drive viral engagement. Of course, one person’s warning may be another’s inspiration.

    Reply
  23. Tomi Engdahl says:

    Thomas Reed / Malwarebytes Labs:
    $15K GrayKey device marketed to law enforcement can reportedly unlock even the latest iPhones, posing serious security concerns

    GrayKey iPhone unlocker poses serious security concerns
    https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/

    Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.

    Since then it has become known that Cellebrite—an Israeli company—does provide iPhone unlocking services to law enforcement agencies.

    Cellebrite, through means currently unknown, provides these services at $5,000 per device, and for the most part this involves sending the phones to a Cellebrite facility.

    In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia, Grayshift was founded in 2016, and is a privately-held company with fewer than 50 employees. Little was known publicly about this device—or even whether it was a device or a service—until recently, as the GrayKey website is protected by a portal that screens for law enforcement affiliation.

    According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs. This is drastically different from Cellebrite’s overall business model, in that it puts complete control of the process in the hands of law enforcement.

    Reply
  24. Tomi Engdahl says:

    Flash, Windows Users: It’s Time to Patch
    https://krebsonsecurity.com/2018/03/flash-windows-users-its-time-to-patch/

    Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release.

    The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server.

    Reply
  25. Tomi Engdahl says:

    Look-Alike Domains and Visual Confusion
    https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/

    How good are you at telling the difference between domain names you know and trust and impostor or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.

    A SOLUTION TO VISUAL CONFUSION

    To be clear, the potential threat highlighted by Holden’s experiment is not new. Security researchers have long warned about the use of look-alike domains that abuse special IDN/Unicode characters. Most of the major browser makers have responded in some way by making their browsers warn users about potential punycode look-alikes.

    With the exception of Mozilla, which by most accounts is the third most-popular Web browser. And I wanted to know why. I’d read the Mozilla Wiki’s “IDN Display Algorithm FAQ,” so I had an idea of what Mozilla was driving at in their decision not to warn Firefox users about punycode domains: Nobody wanted it to look like Mozilla was somehow treating the non-Western world as second-class citizens.

    If you’re a Firefox user and would like Firefox to always render IDNs as their punycode equivalent when displayed in the browser address bar, type “about:config” without the quotes into a Firefox address bar. Then in the “search:” box type “punycode,” and you should see one or two options there. The one you want is called “network.IDN_show_punycode.” By default, it is set to “false”; double-clicking that entry should change that setting to “true.”

    Reply
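As an added illustration of the punycode rendering and look-alike problem in the comment above (example code, not from Krebs on Security or Mozilla): the Python script below renders a hostname in its punycode form, which is the display Firefox gives once `network.IDN_show_punycode` is set to `true`, and flags labels that mix scripts or that collapse to a trusted domain once known confusable letters are replaced. The trusted-domain list and the confusable table are constructed subsets for the demo, as are the sample hostnames; the script-classification by Unicode character name is a rough heuristic, not Mozilla's full IDN display algorithm.

```python
import unicodedata

# Constructed allow-list of domains the organisation trusts (placeholder values).
TRUSTED_DOMAINS = {"paypal.com", "apple.com", "example.com"}

# Constructed subset of Unicode's confusables: non-Latin letters that render
# like a Latin letter in common fonts, mapped to that Latin letter.
CONFUSABLE_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04cf": "l", "\u0501": "d", "\u03bf": "o", "\u03bd": "v",
}

SCRIPT_PREFIXES = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC",
                   "CJK", "HIRAGANA", "KATAKANA", "HANGUL", "THAI", "DEVANAGARI")


def script_of(ch: str) -> str:
    """Rough script classification taken from the Unicode character name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and '-' are script-neutral
    name = unicodedata.name(ch, "")
    for prefix in SCRIPT_PREFIXES:
        if name.startswith(prefix):
            return prefix
    return "OTHER"


def to_punycode(hostname: str) -> str:
    """Render the hostname as Firefox does with network.IDN_show_punycode=true."""
    try:
        return hostname.encode("idna").decode("ascii")   # IDNA2003 ToASCII, per label
    except UnicodeError:
        # Fallback for code points the stdlib's nameprep tables reject: raw punycode.
        return ".".join(
            label if label.isascii()
            else "xn--" + label.encode("punycode").decode("ascii")
            for label in hostname.split("."))


def skeleton(hostname: str) -> str:
    """Replace known confusables with the Latin letter they resemble."""
    return "".join(CONFUSABLE_TO_LATIN.get(c, c) for c in hostname.lower())


def assess_hostname(hostname: str) -> dict:
    """Punycode display form plus the two look-alike checks described above."""
    labels = hostname.split(".")
    non_ascii = [l for l in labels if not l.isascii()]
    mixed = [l for l in labels
             if len({script_of(c) for c in l} - {"COMMON"}) > 1]
    lowered = hostname.lower()
    look_alike = skeleton(hostname)
    impersonates = (look_alike if look_alike != lowered
                    and look_alike in TRUSTED_DOMAINS else None)
    return {
        "display": to_punycode(hostname) if non_ascii else hostname,
        "non_ascii_labels": non_ascii,
        "mixed_script_labels": mixed,
        "impersonates": impersonates,
        "suspicious": bool(mixed) or impersonates is not None,
    }


if __name__ == "__main__":
    # Constructed samples: a genuine domain, a mixed-script look-alike with one
    # Cyrillic letter, a whole-script Cyrillic look-alike, and an ordinary IDN.
    for host in ("PayPal.com", "p\u0430ypal.com",
                 "\u0430\u0440\u0440\u04cf\u0435.com", "b\u00fccher.example"):
        print(host, "->", assess_hostname(host))
```

Note that the whole-script case (every letter Cyrillic) passes the mixed-script check and is only caught by the skeleton comparison against the trusted list, which is why browser vendors keep a confusables table rather than relying on script mixing alone; an ordinary non-Latin IDN that resembles nothing on the list is reported as non-ASCII but not as suspicious.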
  26. Tomi Engdahl says:

    Jonathan Shieber / TechCrunch:
    Facebook hired a forensics firm to investigate Cambridge Analytica as stock falls 7%
    https://techcrunch.com/2018/03/19/facebook-hired-a-forensics-firm-to-investigate-cambridge-analytica-as-stock-falls-7/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Hoping to tamp down the furor that erupted over reports that its user data was improperly acquired by Cambridge Analytica, Facebook has hired the digital forensics firm Stroz Friedberg to perform an audit on the political consulting and marketing firm.

    In a statement, Facebook said that Cambridge Analytica has agreed to comply and give Stroz Friedberg access to their servers and systems.

    Facebook has also reached out to the whistleblower, Christopher Wylie, and Aleksandr Kogan, the Cambridge University professor who developed an application that collected data that he then sold to Cambridge Analytica.

    Facebook shares plummeted 7 percent, erasing roughly $40 billion in market capitalization amid fears that the growing scandal could lead to greater regulation of the social media juggernaut.

    Indeed both the Dow Jones Industrial Average and the Nasdaq fell sharply as worries over increased regulations for technology companies ricocheted around trading floors, forcing a sell-off.

    Reply
  27. Tomi Engdahl says:

    Pirate Site Visits Lead to More Malware, Research Finds
    By Ernesto on March 18, 2018
    https://torrentfreak.com/pirate-site-visits-lead-to-more-malware-research-finds-180318/

    New research from Carnegie Mellon University reveals that more time spent on pirate sites increases the risk of running into malware. The same effect was not found for other categories, such as social networks, shopping or gambling sites. While the results show an increased threat, it’s doubtful that the absolute numbers will impress hardened pirates.

    Reply
  28. Tomi Engdahl says:

    Revealed: Trump’s election consultants filmed saying they use bribes and sex workers to entrap politicians
    https://www.channel4.com/news/cambridge-analytica-revealed-trumps-election-consultants-filmed-saying-they-use-bribes-and-sex-workers-to-entrap-politicians-investigation

    An undercover investigation by Channel 4 News reveals how Cambridge Analytica secretly campaigns in elections across the world. Bosses were filmed talking about using bribes, ex-spies, fake IDs and sex workers.

    In one exchange, when asked about digging up material on political opponents, Mr Nix said they could “send some girls around to the candidate’s house”, adding that Ukrainian girls “are very beautiful, I find that works very well”.

    “We’ll offer a large amount of money to the candidate, to finance his campaign in exchange for land for instance, we’ll have the whole thing recorded, we’ll blank out the face of our guy and we post it on the Internet.”

    Reply
  29. Tomi Engdahl says:

    Coverity Scan Hacked, Abused for Cryptocurrency Mining
    https://www.securityweek.com/coverity-scan-hacked-abused-cryptocurrency-mining

    Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining.

    Synopsys, which acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. The company said malicious actors gained access to Coverity Scan systems sometime in February.

    “We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys told users. “We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.”

    Synopsys says the service is now back online and it believes the point of access leveraged by the attackers has been closed. In order to regain access to Coverity Scan, users will need to reset their passwords.

    Reply
  30. Tomi Engdahl says:

    Frost Bank Says Data Breach Exposed Check Images
    https://www.securityweek.com/frost-bank-says-data-breach-exposed-check-images

    Frost Bank, a subsidiary of Cullen/Frost Bankers, Inc., announced on Friday that it discovered unauthorized access to images of checks stored electronically.

    According to the company, it discovered last week that a third-party lockbox software program had been compromised, resulting in unauthorized users being able to view and copy images of checks stored electronically in the image archive. Frost Bank systems weren’t impacted in the incident, Frost says.

    Reply
  31. Tomi Engdahl says:

    Facebook Security Chief Changes Role to Focus on Election Fraud
    https://www.securityweek.com/facebook-security-chief-changes-role-focus-election-fraud

    Facebook’s chief of security late Monday said his role has shifted to focusing on emerging risks and election security at the global social network, which is under fire for letting its platform be used to spread bogus news and manipulate voters.

    Alex Stamos revealed the change in his role at work after a New York Times report that he was leaving Facebook in the wake of internal clashes over how to deal with the platform being used to spread misinformation.

    “Despite the rumors, I’m still fully engaged with my work at Facebook,” Stamos said in a message posted at his verified Twitter account.

    “It’s true that my role did change. I’m currently spending more time exploring emerging security risks and working on election security.”

    Reply
  32. Tomi Engdahl says:

    Facebook Rocked by New Data Breach Scandal
    https://www.securityweek.com/facebook-rocked-new-data-breach-scandal

    Facebook shares plunged Monday following revelations that a firm working for Donald Trump’s presidential campaign harvested data on 50 million users, as analysts warned the social media giant’s business model could be at risk.

    Calls for investigations came on both sides of the Atlantic after Facebook responded to the explosive reports of misuse of its data by suspending the account of Cambridge Analytica, a British communications firm hired by Trump’s 2016 campaign.

    “This is a major breach that must be investigated. It’s clear these platforms can’t police themselves,” Democratic Senator Amy Klobuchar said on Twitter.

    Reply
  33. Tomi Engdahl says:

    Cambridge Analytica: Firm at the Heart of Facebook Scandal
    https://www.securityweek.com/cambridge-analytica-firm-heart-facebook-scandal

    At the center of a scandal over alleged misuse of Facebook users’ personal data, Cambridge Analytica is a communications firm hired by those behind Donald Trump’s successful US presidential bid.

    An affiliate of British firm Strategic Communication Laboratories (SCL), Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.

    Reply
  34. Tomi Engdahl says:

    Downsides and Dangers of Cryptominers
    https://www.securityweek.com/downsides-and-dangers-cryptominers

    While “cryptojacking”— whereby a website visitors’ CPU is “borrowed” to mine for cryptocurrency — has been grabbing headlines with its rapid growth, I’ve read a few blasé comments from a few IT pros that suggest the downsides and real security risks associated with cryptomining aren’t well understood.

    One of the obvious issues with JavaScript-based cryptomining is that even the vast majority of sites that have willingly installed the scripts run them without informing the site visitor. But the problems and risks posed by cryptomining run deeper than just non-consensual use of a small bit of CPU power, among them:

    Reply
  35. Tomi Engdahl says:

    The Latest Strains of Attacks on the Pharmaceutical and Healthcare Sector
    https://www.securityweek.com/latest-strains-attacks-pharmaceutical-and-healthcare-sector

    The value of this data to financially-motivated threat actors is evident by continued extortion attempts against companies in this sector and data breaches. Let’s look at a few recent examples.

    ● Extortion attacks, the now infamous ransomware attacks we read about daily, are affecting all sectors, and healthcare and pharmaceutical companies are not immune. The personal and sensitive information they hold offers lucrative opportunities for threat actors to conduct identity theft and fraud and to sell data to other threat actors.

    ● Data breaches can have long-lasting impacts on organizations and individuals. Just consider the Yahoo breaches if you have any doubts. In the healthcare industry we see the same thing. Late last year the HaveIBeenPwned website added approximately four million records from Malaysian websites to its data repository.

    Reply
  36. Tomi Engdahl says:

    Firefox Fails at Keeping Passwords Secure, Developer Claims
    https://www.securityweek.com/firefox-fails-keeping-passwords-secure-developer-claims

    Recovering Encrypted Firefox Passwords via Brute Force Attacks is Easy, Developer Says

    Firefox does a poor job at securing stored passwords even if the user has set up a master password, a software developer claims.

    According to Wladimir Palant, author of the popular Adblock Plus extension, the password manager in Firefox and Thunderbird needs some major improvements in terms of security. The manager can spill out passwords in less than a minute, he says.

    The issue, Palant claims, resides in the manner in which the manager converts a password into an encryption key. The operation is performed by the sftkdb_passwordToKey() function, which applies SHA-1 hashing to a string consisting of a random salt and the actual master password.

    In the current implementation, the SHA-1 function has a very low iteration count of 1, meaning that it falls way behind what’s considered a minimum value in practice, namely 10,000. In fact, an iteration count of at least 1,000 was considered “modest” decades ago.

    Because of that, recovering encrypted passwords via brute force attacks is not difficult at all, Palant says. In fact, he underlines that graphics processing units (GPUs) are great at calculating SHA-1 hashes. With some of them capable of calculating billions of SHA-1 hashes per second, it would not take more than a minute to crack the passwords encrypted and stored in Firefox.

    This NSS bug was first reported about nine years ago, but remains unpatched. And it wouldn’t even be that difficult to address the issue, the developer says.

    Reply
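The key-derivation weakness described in the post above, modelled in an added Python example (this is not NSS or Firefox code): one SHA-1 over salt and password beside PBKDF2 with a real iteration count, with a measurement of how much each extra round costs per offline guess. The function names, salt and master password are constructed for illustration.

```python
"""Added example: models the key derivation weakness described above.
This is not NSS/Firefox code; the names, salt and password are constructed."""
import hashlib
import time

# Constructed sample values (not a real NSS salt or anyone's master password).
SALT = bytes.fromhex("0123456789abcdef0123456789abcdef")
MASTER_PASSWORD = "march2018"


def weak_password_to_key(salt: bytes, password: str) -> bytes:
    """Model of the described sftkdb_passwordToKey() behaviour: a single SHA-1
    over salt || password, i.e. an iteration count of 1."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def pbkdf2_password_to_key(salt: bytes, password: str,
                           iterations: int = 10_000) -> bytes:
    """Hardened form: PBKDF2-HMAC-SHA1 with the 10,000 rounds the article
    calls a practical minimum."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations)


def seconds_per_guess(kdf, salt: bytes, trials: int) -> float:
    """Average wall-clock cost of deriving one candidate key with `kdf`."""
    start = time.perf_counter()
    for i in range(trials):
        kdf(salt, f"candidate{i}")
    return (time.perf_counter() - start) / trials


def slowdown_factor(iterations: int = 10_000) -> float:
    """How many times more expensive every offline guess becomes when the
    single-SHA-1 scheme is replaced by PBKDF2 with `iterations` rounds."""
    weak = seconds_per_guess(weak_password_to_key, SALT, trials=2000)
    strong = seconds_per_guess(
        lambda s, p: pbkdf2_password_to_key(s, p, iterations), SALT, trials=10)
    return strong / weak


def matching_candidate(target_key: bytes, kdf, salt: bytes, candidates):
    """Return the candidate whose derived key equals target_key, else None.
    Once the key database is copied, this comparison is all an offline
    guess needs; the KDF cost per candidate is the only remaining defence."""
    for candidate in candidates:
        if kdf(salt, candidate) == target_key:
            return candidate
    return None


if __name__ == "__main__":
    stored = weak_password_to_key(SALT, MASTER_PASSWORD)
    print("weak key found in constructed list:",
          matching_candidate(stored, weak_password_to_key, SALT,
                             ["password", "hunter2", MASTER_PASSWORD]))
    print(f"PBKDF2 10,000 rounds costs {slowdown_factor():.0f}x per guess")
```

The measured factor is per CPU guess; the article's GPU figures scale the same way, which is why the iteration count, not the hash choice alone, sets the attacker's cost.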
  37. Tomi Engdahl says:

    Russian Cyberspies Hacked Routers in Energy Sector Attacks
    https://www.securityweek.com/russian-cyberspies-hacked-routers-energy-sector-attacks

    A cyberespionage group believed to be operating out of Russia hijacked a Cisco router and abused it to obtain credentials that were later leveraged in attacks targeting energy companies in the United Kingdom, endpoint security firm Cylance reported on Friday.

    The United States last week announced sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the NotPetya attack and campaigns targeting energy firms. Shortly after, US-CERT updated an alert from the DHS and FBI to officially accuse the Russian government of being responsible for critical infrastructure attacks launched by a threat actor tracked as Dragonfly, Crouching Yeti and Energetic Bear.

    A warning issued last year by the UK’s National Cyber Security Centre (NCSC) revealed that hackers had targeted the country’s energy sector, abusing the Server Message Block (SMB) protocol and attempting to harvest victims’ passwords.

    When a malicious document is opened using Microsoft Word, it loads a template file from the attacker’s SMB server. When the targeted device connects to the SMB server, it will attempt to authenticate using the current Windows user’s domain credentials, basically handing them over to the attackers.

    In a separate analysis of such attacks, Cylance noted that while the credentials will in most cases be encrypted, even an unsophisticated attacker will be able to recover them in a few hours or days, depending on their resources.

    Reply
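A detection check for the remote-template behaviour described in the post above, as an added Python example that is not from the article, Cylance or NCSC: it scans a .docx container for an attached template whose target names a remote UNC/SMB host, which is what would make Word authenticate to that server. It assumes the OOXML layout, where the link is an External attachedTemplate relationship in word/_rels/settings.xml.rels, and the sample documents and the 203.0.113.10 address are constructed.

```python
"""Added detection example (not from the article or Cylance/NCSC): flag Word
documents whose attached template points at a UNC/SMB host, the remote
template load described above. Assumes OOXML layout, where the link lives in
word/_rels/settings.xml.rels as an External attachedTemplate relationship."""
import io
import re
import zipfile
from xml.etree import ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
# UNC path or file:// / smb:// URL naming a host other than the local machine.
_REMOTE_RE = re.compile(
    r"^(?:\\\\(?P<unc>[^\\]+)(?:\\|$)|(?:file|smb)://(?P<host>[^/]*)(?:/|$))",
    re.IGNORECASE)


def external_template_targets(docx_bytes: bytes) -> list:
    """Every External-mode attachedTemplate target in any .rels part."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if (rel.get("TargetMode") == "External"
                        and rel.get("Type") == ATTACHED_TEMPLATE):
                    found.append(rel.get("Target", ""))
    return found


def is_unc_or_smb(target: str) -> bool:
    """True when the target names a remote host (a local file:/// is benign)."""
    m = _REMOTE_RE.match(target)
    if not m:
        return False
    host = m.group("unc") or m.group("host") or ""
    return host.lower() not in ("", "localhost")


def smb_template_targets(docx_bytes: bytes) -> list:
    """Targets that would make Word authenticate to a remote SMB server."""
    return [t for t in external_template_targets(docx_bytes) if is_unc_or_smb(t)]


def make_sample_docx(template_target: str) -> bytes:
    """Constructed minimal container holding only the parts the scanner reads;
    it is not a complete Word document."""
    rels = (f'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
            f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
            f'Type="{ATTACHED_TEMPLATE}" Target="{template_target}" '
            f'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed samples: 203.0.113.10 is a documentation address, not a real host.
SUSPICIOUS_DOC = make_sample_docx(r"\\203.0.113.10\share\template.dotm")
BENIGN_DOC = make_sample_docx("file:///C:/Users/alice/Templates/Normal.dotm")

if __name__ == "__main__":
    print("suspicious:", smb_template_targets(SUSPICIOUS_DOC))
    print("benign:", smb_template_targets(BENIGN_DOC))
```

A template fetched over http(s) is still a remote template but does not trigger the SMB credential exchange the post describes, so this check deliberately leaves it to a separate rule.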
  38. Tomi Engdahl says:

    The Noisy Fallacies of Psychographic Targeting
    https://www.wired.com/story/the-noisy-fallacies-of-psychographic-targeting

    Cambridge Analytica’s targeting efforts probably didn’t work, but Facebook should be embarrassed anyway.

    Reply
  39. Tomi Engdahl says:

    Private Internet Access VPN opens code-y kimono, starting with Chrome extension
    All client-side app code to be released over next six months
    https://www.theregister.co.uk/2018/03/19/private_internet_access_opens_up_its_code/

    VPN tunneller Private Internet Access (PIA) has begun open sourcing its software.

    Over the next six months, the service promises that all its client-side software will make its way into the hands of the Free and Open Source Software (FOSS) community, starting with PIA’s Chrome extension.

    The extension turns off mics, cameras, Adobe’s delightful Flash plug-in, and prevents IP discovery. It also blocks ads and tracking.

    Christel Dahlskjaer, director of outreach at PIA, warned that “our code may not be perfect, and we hope that the wider FOSS community will get involved.”

    https://github.com/pia-foss/extension-chrome/

    Reply
  40. Tomi Engdahl says:

    Facebook’s Surveillance Machine
    https://mobile.nytimes.com/2018/03/19/opinion/facebook-cambridge-analytica.html?referer=https://t.co/vzFBqjGh9d

    Facebook users go to the site for social interaction, only to be quietly subjected to an enormous level of surveillance.

    Reply
  41. Tomi Engdahl says:

    15-Year-old Finds Flaw in Ledger Crypto Wallet
    https://krebsonsecurity.com/2018/03/15-year-old-finds-flaw-in-ledger-crypto-wallet/

    A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies.

    Yet Saleem Rashid, a 15-year-old security researcher from the United Kingdom, discovered a way to acquire the private keys from Ledger devices. Rashid’s method requires an attacker to have physical access to the device, and normally such hacks would be unremarkable because they fall under the #1 rule of security — namely, if an attacker has physical access to your device, then it is not your device anymore.

    The trouble is that consumer demand for Ledger’s products has frequently outpaced the company’s ability to produce them (it has sold over a million of its most popular Nano S models to date). This has prompted the company’s chief technology officer to state publicly that Ledger’s built-in security model is so robust that it is safe to purchase their products from a wide range of third-party sellers, including Amazon and eBay.

    Reply
  42. Tomi Engdahl says:

    Facebook has lost $60 billion in value
    https://techcrunch.com/2018/03/20/facebook-has-lost-60-billion-in-value/?utm_source=tcfbpage&sr_share=facebook

    If you look at Monday and Tuesday combined, Facebook shares are down 11.4 percent compared to Friday’s closing price of $185.09.

    Facebook is now worth $476.83 billion.

    That’s how you lose $60 billion in market cap.

    Reply
  43. Tomi Engdahl says:

    Cambridge Analytica CEO Andrew Nix has reportedly been suspended
    https://techcrunch.com/2018/03/20/cambridge-analytica-ceo-andrew-nix-has-reportedly-been-suspended/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Andrew Nix, the CEO of the London-based voter profiling company Cambridge Analytica — which harvested private information from more than 50 million Facebook users without their permission to analyze their voter behavior — has been suspended from his job, according to Bloomberg’s David Meyers.

    Nix’s suspension won’t come as a shock to many, considering footage that was filmed over the last year by Britain’s Channel 4 News and which surfaced yesterday. The video comes on the heels of investigative reporting by the Guardian, The Observer and the New York Times that has shown how the company used data to target groups and design messages that appealed to their interests.

    Reply
  44. Tomi Engdahl says:

    MPs summon Mark Zuckerberg and accuse Facebook of misleading them
    https://www.theguardian.com/uk-news/2018/mar/20/officials-seek-warrant-to-enter-cambridge-analytica-hq

    Facebook founder is called to give evidence to committee of MPs after revelations over use of data by Cambridge Analytica

    MPs have summoned Mark Zuckerberg to appear before a select committee investigating fake news and accused his company of misleading them at a previous hearing.

    The Facebook founder has been called to give evidence to the digital, culture, media and sport committee after revelations over the use of its data by the election consultancy Cambridge Analytica.

    The company has also come under the spotlight in the US, after an investigation by the Observer, Channel 4 News and the New York Times revealed that 50m user profiles had been accessed and harvested for data.

    Reply
  45. Tomi Engdahl says:

    Telegram told to give encryption keys to Russian authorities
    http://www.zdnet.com/article/telegram-forced-to-give-encryption-keys-to-russian-authorities/

    The founder of the encrypted messaging app said threats to block the app “won’t bear fruit.”

    A top Russian court has told encrypted messaging app Telegram to share its encryption keys with state authorities.

    Telegram, founded by Russian entrepreneur Pavel Durov, has been fighting an effort by the FSB, the state’s security service formerly known as the KGB, which last year demanded that the company hand over its private encryption keys.

    The company refused. On Tuesday, the country’s supreme court upheld the demand.

    Reply
  46. Tomi Engdahl says:

    Too little too late Facebook. You denied the fact they had user data for 2 years when we know that is a lie and so did you.

    Facebook suspends Cambridge Analytica, the data analysis firm that worked on the Trump campaign
    https://techcrunch.com/2018/03/16/facebook-suspends-cambridge-analytica-the-data-analysis-firm-that-worked-for-the-trump-campaign/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Mar 17 4:15a
    Jonathan Shieber, Taylor Hatmaker
    Facebook announced late Friday that it had suspended the account of Strategic Communication Laboratories, and its political data analytics firm Cambridge Analytica — which used Facebook data to target voters for President Donald Trump’s campaign in the 2016 election. In a statement released by Paul Grewal, the company’s vice president and deputy general counsel, Facebook explained that the suspension was the result of a violation of its platform policies. The company noted that the very unusual step of a public blog post explaining the decision to act against Cambridge Analytica was due to “the public prominence of this organization.”

    Facebook claims that back in 2015 Cambridge Analytica obtained Facebook user information without approval from the social network through work the company did with a University of Cambridge psychology professor named Dr. Aleksandr Kogan. Kogan developed an app called “thisisyourdigitallife” that purported to offer a personality prediction in the form of “a research app used by psychologists.”

    Apparently around 270,000 people downloaded the app, which used Facebook Login and granted Kogan access to users’ geographic information, content they had liked, and limited information about users’ friends. While Kogan’s method of obtaining personal information aligned with Facebook’s policies, “he did not subsequently abide by our rules,” Grewal stated in the Facebook post.

    “By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook

    Reply
  47. Tomi Engdahl says:

    Kaspersky’s ‘Slingshot’ report burned an ISIS-focused intelligence operation
    https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/

    Chris Bing and Patrick Howell O’Neill Mar 20, 2018 | CyberScoop

    The U.S. government and Russian cybersecurity giant Kaspersky Lab are currently in the throes of a nasty legal fight that comes on top of a long-running feud over how the company has conducted itself with regard to U.S. intelligence-gathering operations.

    A recent Kaspersky discovery may keep the feud alive for years to come.

    CyberScoop has learned that Kaspersky research recently exposed an active, U.S.-led counterterrorism cyber-espionage operation. According to current and former U.S. intelligence officials, the operation was used to target ISIS and al-Qaeda members.

    On March 9, Kaspersky publicly announced a malware campaign dubbed “Slingshot.” According to the company’s researchers, the campaign compromised thousands of devices through breached routers in various African and Middle Eastern countries, including Afghanistan, Iraq, Kenya, Sudan, Somalia, Turkey and Yemen.

    Reply
